OpenBSD Journal

DNSSEC validation has been enabled in the defaultunbound.conf(5)in -current.The relevant commits werefromJob Snijders (job@)

In amessageto the openssh-unix-dev mailing list,Damien Miller (djm@) wrote:

The EuroBSDCon channel at YouTube now has the EuroBSDCon 2019 videos online. One excellent way to start is with Patricia Aas' excellent keynote Embedded Ethics and just go on, but you could also go directly to the OpenBSD related talks:

A new OpenBSD store has been started, for those looking for OpenBSD swag now that the project no longer produces CDs. If you like the artwork that comes with the releases, this is a great way to support it. Quoting the about page:

In amessageto relevant mailing lists,Theo de Raadt (deraadt@) announced that theOpenBSD project's 47 release,OpenBSD 6.6,is now available frommirror sitesworldwide.Rather than reproducing here the full list of new features,we refer readers to the officialOpenBSD 6.6 page,and the detailedchangelog.Notable changes include but are not limited to:

Theo de Raadt (deraadt@)posted to tech@:

In a move bound to be greeted with great enthusiasm, the newly-releasedPatch 012for OpenBSD 6.5 addssysupgrade(8)to the system.Readers are encouraged to show their appreciation bydonating!

Theo de Raadt (deraadt@)has changednewvers.shto6.6:

Support forthe sgi hardware platformhas been discontinued:

EuroBSDcon 2019has concluded, and materials for the OpenBSD-related talks can be found inthe usual place.At the time of writing, official video recordings are not yet available,but the organisers assure us that they will be as soon as the editing is done.

Mark Kettenis (kettenis@) has recentlycommittedchangeswhich restore a certain amount ofstartx(1)/xinit(1)functionality for non-root users.The commit messages explain the situation:Read more…

On hisblog,Gilles Chehade (gilles@) has writtena very detailed article on running anOpenSMTPD mail server.The article begins:

On Monday, Otto (otto@) committed a small but significant change to the Firefox port.

The arm64 architecture hasjoinedamd64 and i386in having -stable package updatesavailable.

In a very welcome development, Solene Rapenne (solene@) announced that binary package updates for the most popular platforms will be available for the latest OpenBSD release.The announcement reads:

Theo de Raadt (deraadt@)has justtagged6.6-beta:

Stefan Sperling (stsp@) is developing a version control system,"Game of Trees".From <https://gameoftrees.org/>:

Martijn van Duren (martijn@) hascommitteda newSimple Network Management Protocol(SNMP) client,snmp(1):

David Gwynne (dlg@) has committed to -current another new network driver -an 802.1Q Two-Port MAC Relay driver,tpmr(4).Themain commit messageexplains the raison d'être:

On hisblog,Joshua Stein (jcs@) has written an[another!]excellent article on an involved investigation into a complex issue:the non-arrival of interrupts for certain touchpad devices.

Claudio Jeker (claudio@) hasannouncedthe release of a new version ofOpenBGPD:

Andrew Fresh (afresh1@)hascommittedOpenBSD::Unveil(3p),a Perl interface tounveil(2):

David Gwynne (dlg@) hascommitted to -currenta dedicatedLink Aggregation (EEE 802.1AX)driver,aggr(4).Themain commit messageexplains the raison d'être:

Ken Westerback wrote in with some good news:

Ted Unangst (tedu@)postedto the tech@mailing list regardingrecent changes to environment handling indoas(in -current):

Damien Miller (djm@) has just committed a new feature for SSH that should help protect against all the various memory side channel attacks that have surfaced recently.

Otto Moerbeek (otto@) has writtenan updateon his recent ntpd(8) work to the tech@ mailinglist:

Job Snijders (job@) hasimportedKristaps Dzonsons'rpki-client(discussed previously)into the tree:

Videos of presentations atBSDCan 2019are now (becoming) available from theYouTube channel.Links to the videos can now also be found in the usual place.

Our next hackathon report comes from Stefan Sperling (stsp@):

Florian Obser (florian@) hascommittedthe changes required to moveacme-client(1)in -current to theRFC 8555protocol used by theLet's Encrypt v02 API:

IntroductionThere have been some recent securityinnovationspreviously unreported here:

Ken Westerback of The OpenBSD Foundation wrote in with some excellent news on the 2019 fundraising campaign:

Next up with a report from g2k19 is Andrew Hewus Fresh(afresh1@):

Martin Pieuchot (mpi@) wrote in with a report from g2k19:

Otto Moerbeek (otto@) has been working on improving the behaviour of ntpd(8) during system boot, especially for machines whose time is way off (e.g. for machines without a battery-backed clock (RTC)).One recently committed improvement dealt with the problem of bad time in a DNSSEC environment, but Otto is working on more changes in this area.Read more…

With thiscommit,Reyk Floeter (reyk@) completed the addition ofServer Name Indication (SNI)torelayd(8):

With the latest hackathon finished, the subsequent BSDCan completed and its attendees having returned home, Claudio Jeker (claudio@) writes in with the first report from g2k19:

2019-04-24, Calgary, Alberta, Canada and elsewhere: With a message sent to relevant mailing lists, Theo de Raadt (deraadt@) announced that the OpenBSD project's 46th release, OpenBSD 6.5 is now generally available from mirror sites all over the world.Notable changes include but are not limited to:

After doing active development on it for about a month,i just released version 1.0.0 of the DocBook to mdoc converter,docbook2mdoc(1).The OpenBSD port was updated, too.In a nutshell, docbook2mdoc was brought from experimental statusto an early release that can be considered mostly usable forproduction, though no doubt there are still many rough edges.That's why i called it 1.0.0 and not 1.1.1.Read more…

The stream of t2k19 hackathon reports continues with this from Christian Weisgerber (naddy@):

Fresh from the recent t2k19 hackathon in Taipei, Florian Obser (florian@)writes in with this report:

A new hackathon report has arrived, this time from Stefan Sperling (stsp@), who writes:

Kenneth R Westerback (krw@) wrote in with areport on his recent participation int2k19:

Fresh from the t2k19 hackathon comes a report from Anthony J. Bentley (bentley@), who writes:Seeing an Asia hackathon coming up was pretty exciting; I’d never been there before. I spent a month or so preparing by getting through the more mundane things in my backlog, mostly new ports and updates. That left my time in Taipei open to focus on fixing some bugs and broken things.Read more…

Ken Westerback (krw@) writes in with his report froma2k19,the hackathon in New Zealand:

Ingo Schwarze wrote in with the announcement of a new mandoc release. Ingo writes,

We are delighted to have received ana2k19 hackathonreport: Antoine Jacoutot (ajacoutot@) writes:

SSH is an awesome tool. Logging into other machines securely is sopervasive to us sysadmins nowadays that few of us think about what'sgoing on underneath. Even more so once you start using the moreadvanced features such as the ssh-agent,agent-forwarding andProxyJump. Whendoing so, care must be taken in order to notcompromise one's logins or ssh keys.Read more…

It's that time of year again; Theo (deraadt@) has just tagged 6.5-beta. A good reminder for us all run an extra test install and see if your favorite port still works as you expect.